Worldwide Surge in Brute Force RDP Attacks Throughout the COVID-19 Pandemic

COVID-19 has compelled many organizations to quickly implement work-from-home arrangements for employees, which has created new opportunities for cybercriminals to execute attacks. Cyberattacks on remote employees have grown considerably during the COVID-19 lockdown. Attackers are extensively targeting the application-level protocols that remote employees use to connect to company networks.

Remote Desktop Protocol (RDP) is a proprietary communications protocol created by Microsoft that lets employees, IT staff, and others connect remotely to company networks, services, and virtual desktops. This allows the employees of many organizations to work from home using their PCs.

RDP has also proven popular with cybercriminals. With the growing number of remote employees accessing networks via RDP, cybercriminals are able to intensify their attacks. New information from Kaspersky indicates a significant global rise in brute force attacks on RDP.

To connect by RDP, workers usually enter a username and password. Attackers conduct brute force attacks on RDP to figure out the passwords, which entails trying various password combinations until eventually guessing the correct one. Attackers may take quite a while to guess complex passwords, starting with dictionary terms and passwords acquired from past data breaches.

Once attackers correctly guess the credentials, they can use them to connect remotely to any system that the worker is authorized to access. Even if only a relatively low-level set of credentials is breached, hackers could get a foothold in the system from which to attack the company more extensively. IT security teams may find it hard to identify these unauthorized logins, because they use stolen credentials.
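A password-guessing run leaves a recognizable trail in the Windows Security log: many failed logons (event ID 4625) from one source, sometimes ending in a successful logon (event ID 4624). The following Python is an added example, not from Kaspersky or the original article, that flags that pattern; the record layout, the 10-minute window, the threshold of 5 and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624    # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}       # 10 = RemoteInteractive, 3 = Network (RDP with NLA)
WINDOW = timedelta(minutes=10)  # assumed sliding window
THRESHOLD = 5                   # assumed number of failures that counts as a burst

# Constructed sample records: (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = [
    ("2020-04-07T02:00:%02d" % (i * 10), FAILED, 3, "203.0.113.50", user)
    for i, user in enumerate(
        ["administrator", "admin", "jsmith", "jsmith", "jsmith", "jsmith"])
] + [
    ("2020-04-07T02:01:05", SUCCESS, 10, "203.0.113.50", "jsmith"),
    ("2020-04-07T09:00:00", FAILED, 10, "198.51.100.7", "mlee"),  # one typo
    ("2020-04-07T09:00:20", SUCCESS, 10, "198.51.100.7", "mlee"),
]

def detect_bruteforce(events, window=WINDOW, threshold=THRESHOLD):
    """Flag sources with >= threshold failed RDP logons inside the window and
    record any account that logged on successfully while the burst was active."""
    recent = defaultdict(list)  # source_ip -> timestamps of failures in window
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue            # ignore console, service and batch logons
        now = datetime.fromisoformat(ts)
        recent[ip] = [t for t in recent[ip] if now - t <= window]
        if event_id == FAILED:
            recent[ip].append(now)
            if len(recent[ip]) >= threshold:
                hit = findings.setdefault(
                    ip, {"max_failures": 0, "success_after_burst": []})
                hit["max_failures"] = max(hit["max_failures"], len(recent[ip]))
        elif event_id == SUCCESS and ip in findings and recent[ip]:
            # A success right after a burst suggests a guessed password.
            findings[ip]["success_after_burst"].append(account)
    return findings

if __name__ == "__main__":
    for ip, hit in detect_bruteforce(SAMPLE_EVENTS).items():
        print(ip, hit)
```

A source that appears with a non-empty `success_after_burst` list is the case to escalate first, since it pairs a guessing run with a working credential.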

When attackers gain access, they can use email accounts to send phishing emails to other employees within the organization. Just one compromised email account can cause a data breach affecting hundreds and thousands of patients’ protected health information (PHI). Attackers can also install ransomware and other malware.

The scale of the attacks is disconcerting. Last year, attacks spiked in various regions, but they were primarily local and small. Now, attacks have increased significantly almost worldwide. For example, in February there were 93,102,836 attacks worldwide. In April, there were already 326,896,999 attacks.

The United States experienced double the number of RDP brute force attacks from January 2 to March 3. The number almost tripled on April 7, with 1.4 million RDP brute force attacks identified.

Brute force RDP attacks are expected to continue at high levels until the number of remote workers diminishes when the COVID-19 crisis is over.

There are a number of steps that organizations should take to lower the risk of these attacks succeeding. Most important is to enforce strong passwords that are hard to guess. Two-factor authentication also helps: even if an attacker guesses a password, a second factor is required before the connection is allowed. Workers should also connect remotely through a corporate VPN, together with Network Level Authentication (NLA), to block unauthorized access attempts. Kaspersky additionally warns that if remote employees are not using RDP, port 3389 must be deactivated.